From d2a5cbb3cefaa4418d7a87be18e7227b27b6deea Mon Sep 17 00:00:00 2001
From: cynthia
Date: Thu, 5 Jun 2025 13:31:39 +0100
Subject: [PATCH] fix
---
 dnscrypt/index.md | 54 +++++++++++++++++++++++++++++++----------------
 1 file changed, 36 insertions(+), 18 deletions(-)
diff --git a/dnscrypt/index.md b/dnscrypt/index.md
index 39c4ab3..a838c9b 100644
--- a/dnscrypt/index.md
+++ b/dnscrypt/index.md
@@ -77,13 +77,19 @@ In conclusion:
 For most Debian-like distributions, systemd-resolved may already be used and pre-installed.
-1. Enable `systemd-resolved`, if not enabled already.
+1. Install `systemd-resolved`, if not installed already.
+
+ ```bash
+ root@localhost:~# apt install systemd-resolved
+ ```
+
+2. Enable `systemd-resolved`, if not enabled already.
 ```bash root@localhost:~# systemctl enable --now systemd-resolved ```
-2. Edit `systemd-resolved`'s configuration file to use DNS-over-TLS and a DoT server of your choice.
+3. Edit `systemd-resolved`'s configuration file to use DNS-over-TLS and a DoT server of your choice.
 ```bash root@localhost:~# vim /etc/systemd/resolved.conf
@@ -99,7 +105,7 @@ For most Debian-like distributions, systemd-resolved may already be used and pre
 Domains=~. ```
-3. Restart `systemd-resolved` to use the new configuration.
+4. Restart `systemd-resolved` to use the new configuration.
 ```bash root@localhost:~# systemctl restart systemd-resolved
@@ -117,7 +123,13 @@ We'll be using `dnscrypt-proxy` for this section of the tutorial, which offers s
 root@localhost:~# cd /opt/dnscrypt-proxy/ ```
-2. Download a prebuilt version of `dnscrypt-proxy`, You can pick which CPU architecture is in your system from [the list of dnscrypt-proxy binaries](https://github.com/jedisct1/dnscrypt-proxy/releases/latest)
+2. Install `curl`, if not installed already. We will use this to download files.
+
+ ```bash
+ root@localhost:/opt/dnscrypt-proxy# apt install curl
+ ```
+
+3. Download a prebuilt version of `dnscrypt-proxy`, You can pick which CPU architecture is in your system from [the list of dnscrypt-proxy binaries](https://github.com/jedisct1/dnscrypt-proxy/releases/latest)
 We'll be downloading 2.1.12 for x86_64 in this tutorial. Example:
@@ -125,7 +137,7 @@ We'll be using `dnscrypt-proxy` for this section of the tutorial, which offers s
 ```bash root@localhost:/opt/dnscrypt-proxy# curl -L -O https://github.com/DNSCrypt/dnscrypt-proxy/releases/download/2.1.12/dnscrypt-proxy-linux_x86_64-2.1.12.tar.gz ```
-3. (Optional) Download and verify the minisign signature of the tar file
+4. (Optional) Download and verify the minisign signature of the tar file
 Install minisign and download the minisig file for the binary you downloaded
@@ -144,7 +156,7 @@ We'll be using `dnscrypt-proxy` for this section of the tutorial, which offers s
 If everything is fine, it should say: `Signature and comment signature verified`
-4. Extract the tar file. All the files should be in a sub-directory in the tar file, so files have to be moved back to the current directory.
+5. Extract the tar file. All the files should be in a sub-directory in the tar file, so files have to be moved back to the current directory.
 Example: ```bash
@@ -152,7 +164,7 @@ We'll be using `dnscrypt-proxy` for this section of the tutorial, which offers s
 root@localhost:/opt/dnscrypt-proxy# mv linux-x86_64/* . root@localhost:/opt/dnscrypt-proxy# rmdir linux-x86_64 ```
-5. Disable any other DNS resolvers currently running. You can check with `ss -lp 'sport = :domain'`.
+6. Disable any other DNS resolvers currently running. You can check with `ss -lp 'sport = :domain'`.
 Our example machine is currently running `systemd-resolved`, so we will disable and stop that. ```bash
@@ -160,14 +172,14 @@ We'll be using `dnscrypt-proxy` for this section of the tutorial, which offers s
 root@localhost:/opt/dnscrypt-proxy# systemctl disable systemd-resolved ```
-6. Copy the example configuration file, and start `dnscrypt-proxy` to see if it works. It should work out of the box.
+7. Copy the example configuration file, and start `dnscrypt-proxy` to see if it works. It should work out of the box.
 ```bash root@localhost:/opt/dnscrypt-proxy# cp example-dnscrypt-proxy.toml dnscrypt-proxy.toml root@localhost:/opt/dnscrypt-proxy# ./dnscrypt-proxy ```
-7. While `dnscrypt-proxy` is running, back up `/etc/resolv.conf` and create a new one using `dnscrypt-proxy`'s DNS port
+8. While `dnscrypt-proxy` is running, back up `/etc/resolv.conf` and create a new one using `dnscrypt-proxy`'s DNS port
 ```bash root@localhost:/opt/dnscrypt-proxy# mv /etc/resolv.conf /etc/resolv.conf.bak
@@ -188,7 +200,7 @@ We'll be using `dnscrypt-proxy` for this section of the tutorial, which offers s
 If it was able to resolve `example.com`, congratulations, `dnscrypt-proxy` is now working.
-8. Close the running `dnscrypt-proxy`, install it as a service and start it up!
+9. Close the running `dnscrypt-proxy`, install it as a service and start it up!
 ```bash root@localhost:/opt/dnscrypt-proxy# ./dnscrypt-proxy -service install
@@ -197,7 +209,7 @@ We'll be using `dnscrypt-proxy` for this section of the tutorial, which offers s
 Now we are onto configuring `dnscrypt-proxy` to use DoH and/or DNSCrypt.
-9. (Optional) Tinker with the configuration file. The file is extensively commented, and has a lot of stuff you can mess around with.
+10. (Optional) Tinker with the configuration file. The file is extensively commented, and has a lot of stuff you can mess around with.
 ```bash root@localhost:/opt/dnscrypt-proxy# vim dnscrypt-proxy.toml
@@ -243,7 +255,7 @@ We'll be using `dnscrypt-proxy` for this section of the tutorial, which offers s
 prefix = '' ```
-10. If any configuration was done, `dnscrypt-proxy` can always be restarted with the following command:
+11. If any configuration was done, `dnscrypt-proxy` can always be restarted with the following command:
 ```bash root@localhost:/opt/dnscrypt-proxy# ./dnscrypt-proxy -service restart
@@ -301,7 +313,13 @@ routes = [
 root@localhost:~# apt install tor ```
-2. Edit Tor's configuration file to make it listen locally on a DNS port.
+2. Enable Tor, if not enabled already.
+
+ ```bash
+ root@localhost:~# systemctl enable --now tor
+ ```
+
+3. Edit Tor's configuration file to make it listen locally on a DNS port.
 ```bash root@localhost:~# vim /etc/tor/torrc
@@ -312,14 +330,14 @@ routes = [
 ``` DNSPort 53 ```
-3. Disable any other DNS resolvers currently running. You can check with `ss -lp 'sport = :domain'`.
+4. Disable any other DNS resolvers currently running. You can check with `ss -lp 'sport = :domain'`.
 Our example machine is currently running `systemd-resolved`, so we will disable and stop that. ```bash root@localhost:~# systemctl stop systemd-resolved root@localhost:~# systemctl disable systemd-resolved ```
-4. Backup the existing `resolv.conf`, and make a new one configuring the system to resolve DNS queries through Tor
+5. Backup the existing `resolv.conf`, and make a new one configuring the system to resolve DNS queries through Tor
 ```bash root@localhost:~# mv /etc/resolv.conf /etc/resolv.conf.bak root@localhost:~# vim /etc/resolv.conf
@@ -331,13 +349,13 @@ routes = [
 nameserver 127.0.0.1 ```
-5. Start up Tor.
+6. Restart Tor.
 ```bash
- root@localhost:~# systemctl enable --now tor
+ root@localhost:~# systemctl restart tor
 ```
-6. Now try pinging a site to test out if the Tor DNS works.
+7. Now try pinging a site to test out if the Tor DNS works.
 ```bash root@localhost:~# ping example.com